Wednesday, 11 January 2017

Cyber Security - KillDisk Malware - no decryption

A new variant of the KillDisk malware, linked to the infamous BlackEnergy group, encrypts Linux machines and demands a huge ransom, but is not capable of decryption.

The new variant of KillDisk encrypts Linux machines, making them unbootable with data permanently lost. Despite the fact that the malware’s design doesn’t allow for the recovery of encrypted files, as encryption keys are neither stored nor sent anywhere, the criminals behind KillDisk demand 250,000 USD in Bitcoins. Fortunately, ESET researchers found a weakness in the encryption employed which makes recovery possible, albeit difficult.

“KillDisk serves as another example of why paying ransom should not be considered an option. When dealing with criminals, there’s no guarantee of getting your data back – in this case, the criminals clearly never intended to deliver on their promises. The only safe way of dealing with ransomware is prevention. Education, keeping systems updated and fully patched, using a reputable security solution, keeping backups and testing the ability to restore – these are the components of true insurance,” says Robert Lipovský, ESET Senior Researcher.

KillDisk is a destructive malware that gained notoriety as a component of the successful attack performed by the BlackEnergy group against the Ukrainian power grid in December 2015. More recently, ESET researchers detected planned cyber-sabotage attacks against a number of different targets within Ukraine’s financial sector. Since then, KillDisk attack campaigns have continued, aimed at several targets in the maritime transport sector.

The attack toolset has evolved, and recent variants of KillDisk serve as file-encrypting ransomware. The ransomware initially targeted Windows systems; the version targeting Linux machines affects not only Linux workstations but also servers, amplifying the damage potential.
